Computing at Cornell Resources for Technical Support Providers

DNSDB Tools for Network Registration

The methods available for entering the data required by Cornell's Network Registry depends on the method your subnet uses for assigning IP addresses.

  1. Static IP addressing
  2. CIT's DHCP registration service
  3. A departmental DHCP service
  4. A departmental firewall and/or a single circuit gateway (separated subnets)

To use the tools described here, you need to be a registered network administrator as described on the Network and Host Registration page.

On subnets with...

  1. Static IP addressing

    1. With host names already entered in CIT's DNS database (DNSdb)
      The network administrator can update the DNSdb entries for the Network Registry in any of three ways:
      • The host list web page at http://dnsdb.cit.cornell.edu/dnsdb-cgi/host.pl for updating one machine at a time
      • The batch load interface at http://dnsdb.cit.cornell.edu/dnsdb-cgi/batch.pl for updating multiple machines at once - use the addmac command to add MAC addresses, or the new chgowner command to add NetIDs
      • A user self-update web page (scheduled to become available in November) that will automatically detect the MAC address and NetID for an existing DNSDB host registration, display the results, and ask the user to "click to update"

    2. Without entries in DNSdb
      The network administrator can create DNSdb entries for the Network Registry in two ways:
      • Create and upload a batch load file with three commands for each machine:
          addhost hostname ipaddr to create a record
          addmac ipaddr macaddr to record the MAC address
          chgowner hostname netid to record the NetID
      • Create and upload a batch load file with only the IP address and host name for each machine, then use the user self-update web page (scheduled to become available in November) that will automatically detect the MAC address and NetID for an assigned IP, display the results, and ask the user to "click to update"

  2. CIT's DHCP registration service

    • With IP address, MAC address, and NetID filled in for each machine
        These subnets are already in compliance with the Network Registry policy; information already in DNSdb does not need to be re-entered. On subnets that use the user self-registration form, the form will look somewhat different after June 1.

    • Currently configured with a dynamic pool that allows unknown MAC addresses, or a registration pool that uses IP addresses that are fully Internet enabled (i.e. not restricted to campus)
        The DHCP configuration will need to be updated: Dynamic pools must be restricted to known MAC addresses, and registration pools must use "10" addresses, which are restricted to on-campus routing. These updates should be done in a timely fashion taking into consideration the policy requirements and the needs of the department. The network administrator should review the documentation for Using CIT's DHCP service and then send a request for configuration changes to hostmaster@cornell.edu.
      • Note: Unknown MAC addresses will not be allowed on new DHCP configurations set up after June 1, 2004

  3. A departmental DHCP service
    Network administrators should
    • Limit their service to known MAC addresses
    • Record machines in the Network Registry using DNSdb's batch load interface with the same addhost, addmac and new chgowner commands shown above. If a dynamic pool of known MAC addresses is used, each MAC should be registered in DNSDB with an IP address in the "0" address space, which is reserved for network registry (no network traffic is routed to or from a "0" address, nor are "0" addresses served in DNS). For example, if the subnet is 128.253.230.0/24 then the netadmin can assign "0" addresses 0.253.230.11 - 0.253.230.254 in the network registry.

  4. A departmental firewall and/or a single circuit gateway (separated subnets)
    The network administrator should send e-mail to Laurie Collinsworth (ljc1@cornell.edu) so that she can make note of your specific situation, and set up a meeting to talk about how CIT can help you comply with the policy after the initial rollout has stabilized.

This information is adapted from Laurie Collinsworth's May 17 e-mail to Net-Admin-L about DNSDB Tools for Network Registration

______________________________________

Please send questions to hostmaster@cornell.edu
Report violations to security@cornell.edu
Use our feedback form to send comments about this web page
Last modified: June 04, 2007